Cooley LLP · 1 month ago
Technology Vulnerability Management Engineer
Palo Alto
Full-time
Onsite
Mid, Senior Level
$110K/yr - $155K/yr
2+ years expCooley LLP is seeking a Technology Vulnerability Management Engineer to join their Security team. This role will lead the full vulnerability management lifecycle, focusing on discovery, validation, risk-based prioritization, and remediation across various environments while collaborating with cross-functional teams to enhance security measures.
Document PreparationLegalProfessional Services
Responsibilities
Support the development and continuous optimization of vulnerability management services, including scanning cadence, exception handling, SLAs and alignment with security controls
Build and maintain standards, playbooks, and repeatable processes to improve the efficiency and maturity of the vulnerability management program
Administer and optimize enterprise vulnerability management platforms (e.g., Tenable/Qualys/Rapid7), ensuring accurate coverage across assets
Integrate asset context from CMDB, EDR, and cloud inventory to drive effective risk-based prioritization
Build automation for data ingestion, deduplication, ticketing, and reporting using APIs, scripting, and other tools to improve data quality and reduce false positives
Analyze and interpret vulnerability scan results to assess severity, validate findings, and provide actionable remediation recommendations
Publish dashboards and reports tailored for engineers, management, and executive leadership to communication progress and risk
Drive remediation efforts, including patching, configuration baselines, and compensating controls, and validate results through rescans or attestations
Partner with developers, DevOps, and other stakeholders to implement “shift-left” practices such as pipeline scanning, container/base-image hygiene, and Infrastructure-as-Code (IaC) hardening
Collaborate with cross-functional teams to implement security solutions and controls that mitigate identified vulnerabilities
Support audits, assessments, and regulatory compliance requirements by providing accurate documentation and evidence
Identify opportunities for process improvements, tool optimization, and template standardization to increase efficiency and reduce operational overhead
Stay current on emerging threats, vulnerabilities, and industry best practices to ensure the program remains effective and modern
Contribute to advanced security testing activities such as penetration testing, application reviews and targeted vulnerability assessments as needed
Assist with incident response activities by providing vulnerability context, supporting root cause analysis, and helping to validate containment and remediation actions
All other duties as assigned or required
Qualification
Required
After orientation at Cooley LLP, exhibit proficiency in the Microsoft 365, MECM, Intune, iManage and other firm applications
Ability to work extended and/or weekend hours, as required
2+ years of experience in cyber security, vulnerability management, or penetration testing. Senior candidates must have 5+ years' directly applicable experience in the field
Strong hands-on experience conducting vulnerability scans, including configuration and use of tools such as Tenable, Qualys, Rapid7
Knowledge of cybersecurity frameworks, controls and standards, and best practices
Solid understanding of Windows/Linux, networks, web/application stacks, and at least one major cloud provider (AWS/Azure)
Proficiency in Python or PowerShell and REST APIs; ability to build repeatable pipelines/dashboards
Familiarity with CVSS, KEV, EPSS and how they align with risk frameworks
Extensive knowledge and experience generating and disseminating easily digestible metrics and report to system owners and leadership
Preferred
Bachelor's Degree in Information Technology or Computer Information Systems
Knowledge of the Mitre ATT&CK framework and NIST Cyber Security Framework
Familiarity with common security controls in the enterprise (Firewall, Proxy, AV, SIEM, etc.)
Experience with incident response procedures
Extensive knowledge and understanding of security issues, techniques, and implications across multiple computer platforms
Demonstrated experience leading and developing others by providing technical guidance and leadership to project teams
Solid knowledge and understanding of security regulations and best practices such as the ISO 27000 family of standards
Demonstrated experience communicating technical information to business clients and less experienced technologists
CISSP, CISM or equivalent
Experience with CI/CD pipelines
Cloud Architecture and/or Cloud Security Certifications (AWS, Azure, GCP)
Cloud Security Alliance (CCSP, CCSK) (ISC)2
Additional security certifications
Benefits
Medical
Health savings account (with applicable medical plan)
Dental
Vision
Health and/or dependent care flexible spending accounts
Pre-tax commuter benefits
Life insurance
AD&D
Long-term care coverage
Backup care for children and/or adults
Other parental support benefits
Firm-paid life insurance
AD&D
LTD
Short term medical benefits
21 days of Paid Time Off (“PTO”)
10 paid holidays each year
Generous parental leave
Fertility benefits
Company
Cooley LLP
Clients partner with Cooley on transformative deals, complex IP and regulatory matters, and high-stakes litigation.
1001-5000 employees
H1B Sponsorship
Cooley LLP has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (28)
2024 (10)
2023 (15)
2022 (18)
2021 (22)
2020 (14)
Funding
Current Stage
Late StageLeadership Team
Victor Nunez
Chief Operating Officer
Charley Haley
Partner
Recent News
2026-01-02
Payments Dive
2025-11-04
bloomberglaw.com
2025-10-29
Company data provided by crunchbase